About 14.5 billion spam emails are sent each day. Some are obvious and easily caught by spam filters; others are much more sophisticated and can (almost) fool even a seasoned professional like myself.

I received an email last week that turned out to be a phishing attempt, but it appeared to be so legitimate. A screenshot of the message is below.

A couple things stood out to me right away which caused me to pause before I opened the attachment. First, my email address was not in the "to" field. But this wasn't totally abnormal as this company (Proforma) often asks multiple vendors to quote on a project and I just assumed I was BCCd on the message. Second, the message seemed off. The text just wasn't what I would expect if the client really had wanted me to provide a quote.

I responded to this email and asked "Hey, is this legit?" and received a response of something like "yes, of course and it's urgent". Just getting a response almost had me thinking this was ok to open, but before I did, I decided to call the number to make sure that Andy had sent this.

I called the office line listed and got a voicemail box that was full.

I called the mobile number and left a message.

About 20 minutes later I got a phone call back from the owner of the cell phone saying I was one of hundreds of calls he had received that day. The owner of the cell phone was not my client Andy and he had no connection to this email or account at all. All of this was indeed a scam.

If I had opened the attachment, who knows what could have happened. I'm super happy I took a couple extra minutes to review the email, and then make the phone call to determine the legitimacy of the sender.

Consider this yet another warning that you need to be ever vigilant in going about your daily routine: this message could just as easily have spread a virus or malware, which may have contained ransomware or other potentially dangerous scripts that may have been costly to resolve.

Please verify sender email addresses carefully. Sometimes spammers use email addresses that are very similar to a real one and that at first glance might look legit. Other times they may have spoofed an email address, sending from one email address but appearing to be from a different one. And sometimes a legitimate account gets hacked, and the attacker is free to send to everyone in the account owner's address book.

The best way to thwart these attacks is to be vigilant and think before you respond. Is the message formatted properly? Are the tone and grammar similar to what you are used to seeing from the sender? When in doubt, call before you reply to ensure the message is legitimate.
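The address checks described above can also be run mechanically over a message's raw headers. The script below is an added example, not something from the original post: the addresses, the sample message, the `check_sender` function name, and the 0.85 similarity threshold are all assumptions made for illustration.

```python
import difflib
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample data: every address below is a placeholder.
KNOWN_SENDERS = {"andy@proforma.example"}   # contacts you really deal with
MY_ADDRESS = "me@vendor.example"

SAMPLE = """\
From: Andy <andy@proforrna.example>
Reply-To: andy.quotes@mailbox.example
Return-Path: <bounce@bulk.example>
To: quotes@proforma.example
Subject: Urgent quote request

Please see the attached file.
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def check_sender(raw, known=KNOWN_SENDERS, me=MY_ADDRESS):
    """Return a list of warning labels for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()

    # 1. Our own address is missing from To/Cc (we were BCC'd or mass-mailed).
    listed = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if me.lower() not in {addr.lower() for _, addr in listed}:
        findings.append("recipient-not-listed")

    # 2. Sender is not a known contact but is nearly identical to one.
    if sender not in known:
        for contact in sorted(known):
            if difflib.SequenceMatcher(None, sender, contact).ratio() >= 0.85:
                findings.append("lookalike-of:" + contact)

    # 3. Replies or bounces go to a different domain than the visible From.
    for header in ("Reply-To", "Return-Path"):
        other = parseaddr(msg.get(header, ""))[1].lower()
        if other and domain(other) != domain(sender):
            findings.append(header.lower() + "-domain-mismatch")
    return findings

if __name__ == "__main__":
    for finding in check_sender(SAMPLE):
        print(finding)
```

A message sent from a genuinely hacked account passes all three checks, so an empty result does not replace the phone call.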
